(Literally) Beating the Drum of Software Architecture!

Security. Ask anyone in the software industry what they think is the most important thing to consider when developing an applications and, invariably, security will be in the top three if not the number one thing (which is really what it should be every time). Of course, it’s no secret that many applications have fallen from the pure path when it comes to security. It seems almost a cliché news item these days where tens of thousands or even millions of records containing personal information walked out of an office building somewhere on a thumb drive, driving-up costs for corporations, governments and individuals and driving-down the public trust that the personal information we entrust to other is actually being secured in any reasonable fashion.

In 2002, the famous Bill Gates security memo changed the way Microsoft approached development of its products. The so-called “Trustworthy Computing” initiative was born and Windows Vista was the first OS release from Microsoft that embraced the security-first mindset. Windows 7 takes the next evolutionary steps by enhancing some of the features of Vista and adding support for new security features. In this post, we’ll look at the two most obvious new security features in Windows 7: BitLocker To Go and User Account Control (UAC).

BitLocker To GoBitLocker, which debuted on Windows Vista Ultimate and Enterprise, is a hard drive security tool that encrypts all of the data on your computer’s hard drive partition and allows access to it only if you are logged into the machine under the identify of the data’s owner. This utility was designed specifically to prevent sensitive data from being accessed from a lost or stolen laptop, an ever increasing phenomenon with the number of mobile workers burgeoning.

Stolen or misplaced laptops are not the only threat to sensitive data, however. More and more, we hear stories about data walking out the front door of an office building on USB flash drives and other types of portable media. According to the 2008 Computer Security Institute Computer Crime and Security Survey, 42% of respondents reported that their organization experienced theft of laptops or mobile devices.

Windows 7 takes BitLocker to the next level with BitLocker To Go, which extends encryption capabilities to externally connected USB drives while making the original features of BitLocker even easier to use. To access BitLocker or BitLocker To Go, just follow these steps:

1) Attach your external USB drive and open Windows Explorer. Click on the Computer item to look at all internal and attached drives.

2) Right-click on the icon for your attached drive and select Turn on BitLocker…

3) BitLocker will initialize for a few seconds and then present you with the following dialog:

Decide whether you want to use a custom username and password to access the encrypted data or use your SmartCard and click the Next button.

4) On the next dialog box, you will choose how to persist your recovery key should you forget or lose your password to the encrypted drive:

As this information will give someone access to your drive, be sure to store this information in a secure area, both the physical page if you choose to print it, and in your file system. Once you’ve stored your recovery key, click the Next button.

5) On the final dialog window, click the Start Encrypting button to encrypt your USB drive. Depending on the size of the drive, this can take some time. Once the encryption process begins, you should let it finish before removing the drive from your machine. However, if you need to remove it, be sure to click Pause button.

6) Now, remove the drive for your computer and then reattach it. You’ll see the dialog below:

Notice that you’re being prompted to enter your password. For your convenience, you can also indicate that the drive should automatically unlock when connected to your computer. If you need to ever change any of your BitLocker settings for the drive, you can always right-click on the drive icon in Windows Explorer, select Manage BitLocker…, and you’ll get the following dialog which will let you configure the BitLocker settings for the drive, including removing protection.

So there you have it. The same security that BitLocker brought to your internal hard drives in Vista can now be used on portable drives. Cool stuff.

UAC Customization
Easily one of the most contentious security features to ever come out of Microsoft, UAC was implemented in Windows Vista as a means of preventing users from inadvertently installing unwanted software on their machines.

I want to make this very clear here and now: There is a lot of passion, both for but mostly against UAC. I have always been a supporter of using UAC as it is the best means Windows provides of keeping unintended software from getting installed on your computer. This post is meant to show some of the ways UAC works in the beta of Windows 7. I will not engage you in a debate over whether UAC should or shouldn’t be or how well you think it works. There are other venues for that conversation and this post isn’t one of them.

That being said, the first thing you’ll notice about UAC in Windows 7 is that the product team seems to have “right-sized” UAC prompts. One of the main complaints from users regarding UAC in Vista was its ubiquity. It seemed that even the most minute system changes required user or even administrative approval. While this certainly had the effect of making users more aware of what was happening on their PCs, it also had a negative impact on their experience.

In Windows 7, the user impact of UAC is significantly improved. By default, Windows 7 UAC will only prompt the user when software on the system tries to modify Windows, but does not prompt when the user makes changes to Windows. In Windows Vista, you had two options as far as UAC was concerned: Leave it on or turn it off. When left with this choice, many users chose to turn it off and completely lost the benefits UAC did provide. In Windows 7, you have significantly more control over this via the UAC Control Panel Applet. To access it:

1) Click on the Windows Start icon in the lower left-hand corner and select Control Panel.

2) Click on the System and Security link and then, under the Action Center section, click Change User Account Control settings.

3) You will now see the dialog below which contains a slider providing you with the ability to modify how UAC works on your machine. The default setting only notifies the user if software attempts to change Windows somehow, but not when you make changes to Windows yourself:

Like wise, you can increase the UAC setting to prompt you when you are about to change Windows settings, by moving the slider to the top “Always notify” setting. Moving the slider down one position from the default will remove the grayed out background that happens when UAC prompts appear, and obviously moving the slide to the lowest position turns off UAC notifications altogether.

The guiding principle I have for everyone regarding UAC in Windows 7 is: “With great power comes great responsibility.” In roughly two months of using exclusively Windows 7, I have found no need to modify my UAC settings. It’s nice to not be prompted about every little system change, but it’s reassuring to know that it’s still monitoring for system changes initiated by applications on my machine.

It’s important to reinforce here the need for developers to write their software for Standard User in Windows 7. There are plenty of best practices documents available online, including this excellent presentation from PDC 2008, for doing this. Developing software with UAC in mind is a good security practice and should be made top of mind with developers writing software for Windows.

There are, obviously, many more security features coming with Windows 7, including improvements in the migration and deployment tools, the AppLocker application I discussed in last week’s post, improvements and better transparency in the System Restore utility and performance enhancements in Windows Defender. I will likely touch on these additional features in future post, but I thought that BitLocker To Go and the changes to UAC were the most compelling to touch on first. Tune in next week when I look at some cool ways to tweak out your experience in the new Windows 7 desktop!

“Best practices.” Two magic words we all try to make part of our work every day. A lot of information can be found online claiming to be the best practices for this or the best practices for that, but it can be difficult to determine whether the information is reliable or not.

If you’re interested in getting some timely information you can count on from some of the top developers in this part of the country, you should plan to attend the Build Your Skills: Best Practices for .NET Developers event that will be help in St. Louis at the Microsoft offices on March 24, 2009. This full day event will introduces developers to a range of the best practices that developers can use to create better applications in a shorter amount of time. Presented by independent developers with a proven track record of having “been there, done that”, each session will provide insight into what it takes to write applications that run faster, are easier to maintain, and are of the highest possible quality. During the day, you will be introduced to important information and concepts in these areas:

The Fine Art of Profiling (Go Faster) presented by Scott ColestockThere are a set of tools that should be "closer to the top" of your toolbox - in particular, a good profiler. We'll talk about the tools that you already have at your disposal, and a few others that deserve a close look. We'll talk about how to get the most out of your time invested, and where profiling should fit in your development lifecycle.

Building Loosely Coupled Applications presented by Shannon BraunAs enterprise software development has evolved we have identified patterns and practices that help us write more extensible and maintainable applications. Patterns with the names of Dependency Injection, Inversion of Control and Composite View have emerged to simplify the reuse of existing components and aide us in wiring together disparate components. Frameworks have been built to support these patterns. This presentation will explain the patterns, cover the frameworks and talk about the practices required to be successful in building loosely coupled applications.

Exceptional Development: Dealing With Exceptions in .NET presented by Jason BockNET provides a rich mechanism for creating and handling errors in software. Yet it can be (and has been) abused and manipulated, sometimes in very subtle ways, in the name of "reliable code." In this session we'll cover exceptions: how they are created, when should they be handled, and some best practices to follow.

Introduction to Unit Testing presented by Kirstin JuhlThis session will introduce attendees to the art and practice of Unit Testing. We will cover the basic fundamentals of what units are and why and how they should be used. The presentation will cover common tools used in unit testing and contain a brief discussion of Unit Testing within the Test-Driven-Development context. We explore the tools and write some basic unit tests, and watch them run, fail, and pass. A question and answer session will conclude this presentation.

Advanced Unit Testing with Raymond LewallenIn the Advanced Unit Testing session, we will look at Inversion of Control - Dependency Injection, services, repositories, mocking, behavior driven development, MSpec, aggregates, distributors and the tools behind these such as Castle.Windsor, RhinoMocks, Machine.Specifications, NHibernate, Castle Transacations Manager, NServiceBus and a few more if we have time. And of course, we all revolves around writing unit tests and letting those tests drive the outcome of our code.

Each session will provide you with skills you can use right away and a foundation to expand your knowledge in each area as you become more proficient. Space is limited so Register Today!

I feel the need from time-to-time to provide you with an aggregated list of some of the major events and opportunities coming to the St. Louis area in the near future. March and April are going to be big months for St. Louis. Here are a few of the events coming your way.

Midwest SharePoint Conference The Midwest SharePoint Conference is a two-day event that will be conveniently held at the Ameristar Casino right off of Interstate 70 in St. Charles, Missouri. This conference will be jam packed with business and technical content pertaining to the SharePoint platform. The 2009 Midwest SharePoint Conference delivers the hard-hitting information, experiences and networking opportunities to help organizations get the most value from their Microsoft SharePoint,SQL Server and PerformancePoint investments, and promises to provide more than just tips and tricks.

ArcReady: Cloud ComputingFor our next ArcReady, we will explore a topic on everyone’s mind: Cloud computing. Several industry companies have announced cloud computing services . In October 2008 at the Professional Developers Conference, Microsoft announced the next phase of our Software + Services vision: the Azure Services Platform. The Azure Services Platforms provides a wide range of internet services that can be consumed from both on premises environments or the internet.

Session 1: Cloud ServicesIn our first session we will explore the current state of cloud services. We will then look at how applications should be architected for the cloud and explore a reference application deployed on Windows Azure. We will also look at the services that can be built for on premise application, using .NET Services. We will also address some of the concerns that enterprises have about cloud services, such as regulatory and compliance issues. Session 2: Mesh and Live ServicesIn our second session we will take a slightly different look at cloud based services by exploring Live Mesh and Live Services. Live Mesh is a data synchronization client that has a rich API to build applications on. Live services are a collection of APIs that can be used to create rich applications for your customers. Live Services are based on internet standard protocols and data formats.

MSDN Events UnleashedEnhance your coding capabilities with new tools, tips, and inside secrets from MSDN Events. You’ll see how developing for a Windows Mobile phone leverages your current coding skills and can make it simple to build, deploy and debug cool new devices. Additionally, we’ll be showing you how to take full advantage of the Visual Studio debugger. We’ll offer some great tips and tricks to help you debug faster and more efficiently, while applying fresh techniques to ramp up your problem solving abilities.

Session 1: Tips & Tricks for the Visual Studio 2008 DebuggerThe Visual Studio debugger is a highly underutilized tool for many developers. In this session, you’ll learn how to use it like a pro, while picking up new techniques to fast-forward your problem solving and debugging abilities. We’ll show you how to use advanced breakpoints, advanced watch window / Expression evaluator tricks, modifiers, assertions on the fly, remote debugging, and more. Whether you’re writing C#, VB, WPF, ASP.NET, Windows Forms, or services, we’ll provide tips and tricks that will have you debugging faster and much more efficiently. The debugger is your primary tool for finding bugs, so join us and learn how to make the most of it.

Session 2: Developing for Windows Mobile DevicesMobile development is growing fast, and Windows Mobile is at the forefront with over 18 million phones shipped last year and many more cutting-edge devices on the way. Visual Studio developers have tremendous opportunities in this space. Why? Developing for a Windows Mobile phone leverages your existing coding experience and takes it to new heights. In this session, we’ll look at some of the coolest new devices, you’ll learn how to set up Visual Studio with the latest SDK and device emulators, and you’ll see how to build, deploy and debug Windows Mobile applications. We’ll also explore how Internet Explorer Mobile 6 provides new AJAX capabilities that offer the richness of the desktop with pan and zoom features tuned for mobile devices.

TechNet Events UnleashedWorking in partnership with our IT Professional Evangelists, we're very excited to introduce TechNet Events Unleashed to our schedule, and the first topic digs into Windows Server 2008.

Windows Server 2008In this session we will look at Windows Server 2008 and the improvements that have been made to Microsoft’s premier server operating system. Microsoft Windows Server 2008 is the most advanced Windows Server operating system yet, designed to power the next generation of networks, applications, and Web services. With Windows Server 2008 you can develop, deliver, and manage rich user experiences and applications, provide a highly secure network infrastructure, and increase technological efficiency and value within your organization.

Windows Server 2008 introduces several new capabilities including 64bit virtualization, a robust web and development platform, improvements in networking, security, high availability and disaster recovery. In addition, there is a new “Core” installation option that reduces the operating system overhead by removing the graphical user interface thus freeing resources and lowering the potential security attack surface. Come see demonstrations on many of the features in a technical deep dive you won’t want to miss!

I’ve been running Windows 7 Beta on all of my machines, work and personal, for about seven weeks now and have really been loving it. There are so many great new features and capabilities in Windows 7, I’ve decided to do a post each Friday on one new feature of Windows 7 until, well, I run out of things to post about. I’m calling this series Windows 7 Friday. Cool and original name, eh?

For this first post, I’m going to show you how to use an application called AppLocker to keep unwanted malware off your computer. Note: You’ll need to have administrative rights on your Windows 7 machine to use the AppLocker application, really since this is actual administrative work!

Put Your PC On Lock-Down
If you have kids and they use the family PC on a pretty regular basis, you’ve no doubt had to deal with malware getting installed on your machine and the scavenger hunt that ensues afterward as you try and locate it. No matter how many times you tell kids to be careful, they just can resist the shiny “Click Me and You’ll Have Good Luck for Sever Years” buttons that appear all over the social networking sites they like to visit. Wouldn’t it be nice if you could give them the ability to install software of which you approve while keeping them from loading up junk inadvertently?

Enter AppLocker. Basically, AppLocker lets you set policies for certain users or groups on your Windows 7 PC and define specifically what types of applications they can and cannot install.

Keeping with the “Preventing my kids from screwing up my computer” scenario, I created a new Windows group called Boynton Progeny and added my daughters’ user accounts to it. I could obviously apply the rules to their accounts individually, but grouping them like this just makes life easier for me.

Also, it's important to note that you should always leave the default rules running on your machine. Primarily, this exercise is designed to just add an additional rule for specific users on my home PC, namely my daughters.

With that done, follow these steps:

1) Open AppLocker by clicking on the Windows 7 “start” icon in the lower left-hand corner of the desktop and, in the search field, type Run. When the dialog window appears, type GPEDIT.MSC.

2) When the Local Group Policy Editor loads, navigate using the tree on the left to Computer Configuration->Windows Settings->Security Settings->Application Control Policies->AppLocker. Click on the Executable Rules applet.

3) In the pane to the right, left-click and select Create New Rule. From this point forward, AppLocker provides a really nice wizard-driven experience, so even if the process of getting here isn’t as friction free as I/’d like it, the rest of the experience will be.

4) Once you click past the first screen of the wizard, you’ll find yourself at the Permissions screen. Here you can define whether this rule is to allow or deny activity on the PC, as well as selecting the Windows user or group to whom the rule should apply. In this case, I selected the Boynton Progeny group I created earlier. Click the Next button.

5) The next screen lets you set conditions for the rule, whether that rule is for a specific software publisher, a local path on your PC, or for unsigned applications. In this case, I want to allow the group Boynton Progeny to install any software signed by Microsoft Corporation, so I select the first option, Publisher, and click the Next button.

6) Since I selected Publisher in the previous screen, he next screen let’s me define the specific software publisher I want to approve. As I’m approving software signed by Microsoft, I need to provide that publisher information here. Fortunately, I don’t need to know it off the top of my head because AppLocker lets me provide a sample signed application. In this case, I used Virtual PC 2007. AppLocker pulled the publisher information from the executable certificate for me automatically. Now, all you have to do is use the slider to the left of the extracted publisher information and scope it to the right level, in this case by moving it next to the Publisher field. Notice that you can adjust the scope to the Product Name, File Name and File Version levels as well. Click the Next button.

7) The next screen gives you the ability to define any exceptions to the rule. For example, I could click on the Add button and, in the dialog box that appears, select the installer for Silverlight Tools for Visual Studio, click OK, and now the Boynton Progeny group can install any software signed by Microsoft except for the Silverlight Tools. When you’ve added any exceptions, click the Next button.

8) This is the final screen of the wizard, so simply click Create and you’re done.

And that’s it!. Pretty easy, really. Likewise, you can go back through the wizard and restrict the ability for the Boynton Progeny group to install any software that isn’t signed by a known publisher or even to a specific directory path on the machine, like Windows\System32.

You will obviously want to take care in selecting rules as you could inadvertantly block perfectly valid applications from running. If for some reason you run into any unexpected issues setting up and using the rules in AppLocker, you can deactivate it by shutting down the AppIDSvc service via the Task Manager.

Having good malware detection software on your PC is a must, but the best defense is a strong offence. If you can stop unwanted or unnecessary software from getting installed on you machine, all the better, and AppLocker in Windows 7 gives you an easy, intuitive way to do this.

Coming up: Next Friday I’ll dive into some of the security updates in Windows 7, including the new and improved User Access Control (UAC) and BitLocker.

In this third and final post of this series on the similarities between software and music, we’re going to focus on something many of us end up doing whether we intend to or not: Teaching. And it’s an important one because it takes the collective topics of my prior posts, learning to play and finding your own voice as a composer, and provides a means of ensuring that your skills and knowledge endure.

Sharing Experience for Fun and ProfitTeaching percussion students in college helped pay for my groceries and rent. At the time, I didn’t teach out of any sense of altruistic vocation – I needed the money, pure and simple. I charged $12 a half hour, $20 for a full hour and sought to cover rudiments, drum kit and a brief listening exercise at the end. My half hour students generally missed out that the last part, but I felt it was really important to teach students how to be active listeners of music. Otherwise, all music becomes just like watching TV or that crap they play in elevators.

As I said, I was teaching more for the extra money than anything else back then, but honestly, it made me feel good as well. There is something inherently satisfying about taking something you know and passing it along to someone else, seeing the light bulb go on over their head when they suddenly “get it.”

Teaching can also be an experience where you have a realization about how much you really know about a certain topic. We all walk around each day with the sum total of our life’s knowledge and experience in our heads, almost always taking it for granted. If it’s familiar to us, then we assume its common knowledge for everyone else as well. Passing it along to someone willing to learn it helps you put what you know, and perhaps more importantly, what you don’t know, in better perspective.

Of course, the financial rewards of teaching music are proportional to the skill, experience and reputation of the teacher. Several months back, I was looking through the classified ads in the back of Modern Drummer and saw an ad for a lesson with the legendary Joe Morello, former drummer of the Dave Brubeck Quartet. While the ad didn’t mention the price, I heard legendary clinician Dom Famularo tell his story about his first lesson with Joe and the number he threw out was two hundred dollars an hour. Oh yeah, and he’s in New York, so unless you live there already, you’ll need to travel. For many of you, $200 an hour might seem excessive for one one-hour drum lesson, but think of what you could learn in that one hour from a guy who can do this:

Joe can charge that rate because he’s not just teaching what he learned in a book somewhere. He has the real world playing experience combined with expert knowledge and skill of the technique required to master the instrument (if “mastering” is ever really possible).

Also, as Joe points out in one of his many instructional videos, he teaches to pass a piece of himself and his collective experience along to the next generation, essentially creating his own legacy through the drummers he teaches.

Architect as MentorSoftware architects, whether official or unofficial in title, are generally considered the thought leaders of any particular development organization. As I mentioned in my last post, I consider the best architects to be the ones who spent years down in the trenches writing, testing and deploying real applications.

While architects are expected to play many roles, often prioritized by the organizations to which he or she belongs, the role of mentor should be considered one of the most important. Stop for a moment and think about architects you may work with today. Beyond working on application and system design, how much time do they devote to working with developers, helping them solve difficult problems, providing guidance and setting direction? If your answer is, “None,” then you may have the wrong people in those positions.

The best architects will have a great deal of technical and organizational experience that will be of great value to the development teams and organizations they serve. Beyond simply providing technical guidance, they can often help avoid political and deployment barriers which often plague projects, expand timelines and increase costs. By serving as an active mentor, they pass this important information along to the next generation of senior developers and architects.

And on that point, I should be clear: While focus here is on architects, the role of mentor is by no means limited to just architects. Along my career path, I’ve run into several outstanding developers who, because of their generosity with their time, helped me and many others become better software developers.

So there you have it. As Darth Vader once said, “The circle is now complete.” (Of course, he said that to Obi-Wan Kenobi, his former mentor.) Are there other avenues of similarity we could follow here? Certainly, but I think this post finishes out the three most important similarities between being a musician and a software developer/architect: Learn your technique, learn to play and create new music and pass on what you’ve learned to the next generation.

I’ve gotten some really great feedback on this series and welcome your comments. Please share them with me and keep the conversation going.

It shouldn’t be a surprise to anyone that the way consumers discover, educate, compare and eventually purchase products and services in today’s world is vastly different than it was ten years ago and continues to evolve at a rapid pace today. For companies and their brands to stay relevant in the hearts and minds of the consumer segments they strive to reach, they need to leverage technology to connect with those customers in a variety of places and ways.

On Wednesday, February 25th, Microsoft and Quilogy will present Digital Marketing in a New Digital Era. This will be a half-day seminar focusing on key strategies and technologies that will help businesses reach their existing customers and connect with new ones as well. The seminar will feature prominent speakers from Microsoft and Quilogy, and from them you will get real-world information about how companies like Microsoft are embracing the digital era in their marketing and advertising strategies. Additionally, we’ll feature an in-person case study with Derek Jerrell from Winchester Ammunition demonstrating a ballistics calculator they developed to run both in the browser via Silverlight 2 and on the Surface table device in Windows Presentation Foundation. This is a very cool application and will give you a clear, definitive example of building intriguing, interactive applications that can be ported to multiple clients and devices.

Here are the details for the event:

RegistrationYou can register online for this event here, or contact Phil Sherer at Quilogy at 636-947-9393, ext. 2122.

Date, Time and LocationWednesday, February 25, 2009 from 8:30 AM to 12:00 noon

MySpace. Facebook. Twitter. LinkedIn. And the list goes on and on. Undoubtedly, social networking online, or social computing for short, is becoming more prevalent in all of our lives to one degree or another. I personally realized the impact it was having on me the first time I checked my Twitter feedbefore email during my first cup of coffee in the morning.

However, I would venture a guess that most people view social computing as a way to keep in touch with current friends and acquaintances and to reconnect with people from your past. In other words, it’s seen as a personal activity, something you do on your own time.

Smart businesses are beginning to leverage the power and momentum of social computing in the marketplace to build brand recognition and prestige, attract new customers and beneficially impact their bottom line. This is exactly the type of strategy that Bob Pearson, VP of Communities and Conversations at Dell Corporation, has been tasked to develop. I met Bob at the Strategic Architecture Forum in San Francisco last November and he was kind enough to sit down and talk to me about social computing. Our conversation is featured in this week’s episode of ARCast.tv.

Be sure to check out this episode and let us know what you think. Social Computing: Fad or Future?

In my last post on this topic, I looked at some of the commonalities between learning to play a musical instrument and writing software. In each case, there are “rudiments” to be learned, boring though they may be, that help one become great at either craft. In this second installment, we’re going to look at what happens when you’ve finally learned to play and decide you’re ready to take the next step: Composition.

Finding Your Own Voice There us a huge difference between playing the notes written on a page and making music. When we find a piece of music we really like, more often than not it’s the feel of it that draws us. More than the simple, linear arrangement of notes or chords, it’s the interpretation of those notes through the act of performing that makes a simple sheet of musical notation actual music.

For many musicians, this is more than enough. But for some, the satisfaction of simply playing music written by others wanes quickly and they seek to find their own voice, to express their own ideas, their own reflecting glass for their experiences. So they turn their energy to musical composition.

To be a successful songwriter or composer, you need:

Experience: First and foremost, you must have mastered the art of playing music before you can master composing music. I’m certain that this is an arguable point (I’ve never seen a point that wasn’t), but in my experience, those who can’t play generally can’t write very well either. They tend to have unrealistic expectations of the musicians that will need to take what they’ve written and perform it. They also tend not to have a good feel for what musical structures fit well together and sound most natural to the human ear. It’s that sense of recognition and comfort, after all, that differentiates what people consider music from background noise.

Creativity: This seems like kind of an obvious one, but you’d be surprised how many people I run into that try to write music based on an astoundingly detailed knowledge of musical theory. Certainly, theory provides you with the tools to understand the what of music, but the how, and more importantly, the why must come from the mind and imagination of the composer. Without creativity in composition, we’d still be listening to waltzes and chamber music, the lute would still be the string instrument of choice and percussion would be optional (though some may argue it is anyway). Human creativity pushes the envelope and fosters an environment where the art can evolve beyond the status quo.

Knowledge: This is related to experience, but is slightly different. Imagine you’re composing a piece for a major symphony orchestra. Think of all the individual instruments for which you’d need to write parts: Violins, violas, cellos, basses, winds, brass, percussion, etc. And within each instrument group, you need to write the first part, second part, etc. If the only instrument you’ve ever studied is the clarinet, then you’ll likely write a fantastic clarinet part, but will likely find it very difficult to successfully write all the other parts in a way that leverages the strengths of each instrument and creates one unified piece of music. Understanding and knowing the composite parts of the larger ensemble of instruments will certainly lead to a more cohesive and sonorous piece of music.

The Composition of ArchitectureMusical composition clearly has parallels to the software development process when you consider the role of the architect, vague though the definition of that role can often be.

In my experience, I’ve found it very unusual to see successful architects that didn’t start out, in some capacity, as software developers. What I find to be the case more often than not is that the best developers on a particular team gravitate into the role of the architect, either de facto or de jure. I can’t speak for all architects that followed this particular career progression, but I can speak for myself.

I was drawn to software architecture for a couple of reasons:

Writing software handed to me and designed by someone else started to hold less interest day-to-day for me

I felt I had good ideas for designing systems and wanted to be in the position to express them

In other words, I wanted to stop just being a “performer” and wanted to become a “composer” because I saw it, primarily, as a venue to better express my technical ideas. That being said, I still code as often as I can (which isn’t very often these days, but I do find time now and again). I’ve never met a composer who didn’t continue to play on a regular basis, even though it wasn’t their primary vocation. We do this because it keeps us sharp and in touch with the ultimate results of our work. If we can’t play it, it will be difficult for others to play it. Some of the worst architectural designs I’ve seen have come from architects who never paid their dues in the trenches writing code and making software work on a real project. I once had a friend who told me, “True wisdom comes from great pain and suffering.” Over the years, that dictum has been proven true time and time again.

I think that creativity is one of the most overlooked characteristics in successful software developers and architects. When we think of people who work in software, it’s easy for us to picture the long-faced nerd with an overbite, thick black glasses and a picket protector tucked into the front of wrinkled white dress shirt, purely analytical and socially inept. While the industry certainly has its share of those archetypal individuals, it’s also filled with mainstream, highly creative people who simply love the malleability of software and the ability to make it into just about anything you want or need it to be. Like music, software architecture has “theory” (we tend to call it “best practices”) that, if followed, get you moving in the right direction, and ultimately it’s the creative use of those guidelines that allow new ideas, techniques, and yes, best practices to be tried and vetted. It is creativity, I think, that makes a lot of musicians and other folks with artistic backgrounds who work in the software industry so successful. Because the tenets of theory are more guidelines as opposed to hard rules, musicians tend to be more comfortable experimenting with things that haven’t been tried before. Musicians don’t have a corner on the creative market, of course, but for the most part they have active, creative minds that can drive the “next big idea” to make developers, architects and the products they produce better. When you stop to consider something like test-driven development (TDD) and the progenitors of that movement, it’s easy to see the important role creativity can play in building better software. Many people would call this “Thinking outside the box.” A creative approach to developing software precludes the idea of a box in the first place.

Certainly, the role of knowledge in software architecture should be self-evident. In this case, it also warrants a discussion of its own and will be the topic of the next and last post in this series: Teaching.

The first time I saw Ron Jacobs talk about service-oriented architecture was at Microsoft TechEd 2004. He did a talk with John Devados and it was the first time I can remember someone talking about services in a way that made sense to me as a developer as well as an architect. It seemed that every time I went to see a talk on SOA, I was looking at a lot diagrams of clouds with lines connecting them to other clouds. Any questions about the practical application of services was met with the answer, “Well, it depends.” Ron was the first person I ever saw who offered real, prescriptive guidance on how to design and implement properly factored services, and it had a big impact on how I’ve approached SOA ever since.

Beyond being an in-demand conference speaker, Ron is also the creator of ARCast.tv, the show that I and several other architects at Microsoft got the chance to co-host just a little over a year ago when Ron moved-on to become a technical evangelist for the Windows Communication Foundation and Workflow Foundation product teams. Heck, I even had the opportunity to do an interview with Ron back in 2006 at the Microsoft National Architecture Forum in Vale, CO.

In our newest episode of ARCast.tv, Ron gets to sit in the interviewee seat and talk about some of the key differences and benefits of SOAP-based and RESTful services, and how Windows Communication Foundation supports the implementation of both types of services.

It’s always striking to see how many of our colleagues in the software industry are musicians. That fact occurred to me last week as I went to jam with some guys I’d never played with before. The lead guitarist walked over to me as I was setting up my kit and said, “You work for Microsoft, right?” and so began a twenty minute conversation about how he had worked in IT for years before retiring and going on to teach and play guitar full time.

Everywhere I travel, I find software developers and architects who moonlight as musicians. I’ve been thinking a lot about this lately and think I’ve discovered why so many of us sit in front of a computer keyboard by day and a piano keyboard by night: The act of learning and playing a musical instrument requires many of the same mental attributes and skill sets that are essential to being a good software developer. I’ve decided to explore this topic a little deeper in a series of posts. This being the first, we’ll focus on the building blocks of both skills: Technique.

Learning to PlayI started playing the drums when I was eight-years-old and in the third grade. I can still remember my first band practice at school, holding the huge pair of standard issue Ludwig concert sticks and hitting the solid steel Ludwig concert snare drum my parents rented for me (secretly hoping all the time that my desire to be a percussionist would soon fade, I’m sure). The first thing we learned to play were the 13 essential drum rudiments. These are the building blocks of playing the instrument and are excellent exercises for building coordination and speed. The first one we I learned then, and most percussionist still learn today, is called the paradiddle.

The paradiddle is repetitive pattern between the left and right hands. It looks like this: R-L-R-R-L-R-L-L. Go ahead, try it. I know you want to.

When starting to learn this rudiment, you begin the pattern slowly, focusing on keeping each stroke even with the next at a steady tempo. When this initial slow tempo feels good, then you gradually speed up, continuing to focus on evenness and tempo. If your strokes start to become uneven or you have trouble keeping up the tempo, slow down until things get better and then, gradually begin to increase in speed again. Here’s an example:

While learning this first of many rudiments, I was also instructed in how to properly hold the sticks in my hand:

Let the stick sit relaxed in your hand

Use the rebound of the stick off the drum head to help propel the next stroke

Use your fingers to catch and manipulate the stick

The stroke comes from snapping your wrist, not your arm – you’ll never get speed using your arms

I was getting all this instruction while still having to think the pattern “R-L-R-R-L-R-L-L” consciously. This was really hard to learn in the beginning. I was teaching my body to operate in a way it never had before, wiring up nerve paths that didn’t exist, and trying to maintain a level of discipline to make it all happen. The last point proved to be more difficult that the previous two.

As with any learning experience, you have to learn the basics before you can move on more advanced techniques and concepts. Let’s face it, practice the rudiments can be really boring, but they help you build the technique you need to take your skills to the next level. And the commitment you show to practicing the basics has a direct correlation to the level of your success. Are there exceptions to this rule? Always, but they are very rare.

Learning to CodeSo, what’s the correlation to learning to code? As I detailed in my software development meme, I don’t have what you would call a traditional background for someone who does what I do for a living. I started college as music performance major and then switched to English literature, in which I went on to eventually earn a Master’s Degree. Coming out of graduate school, newly married, I found the job market somewhat lacking in open “poet” positions, so I went back to my old hobby, computer programming.

Truth be told, I learned to write software in “the modern era” by purchasing books like “Teach Yourself Visual Basic 4 in 21 Days” and “JavaScript Unleashed.” We laugh about those kinds of books these days, but back then, in the pre-WROX days, those were great learning tools available conveniently at my local Borders. I was working a fulltime job, so I spent hours and hours each night after my wife went to bed sitting in front of my Windows 95 PC doing exercise after exercise, learning language syntax and form:

The things I use in the user interface are called “controls,” and their behavior is controlled by “events”

Objects represent entities specific to my application or business problem – their actions are called “methods,” their descriptors are called “properties”

Text data is handled as a “string,” numeric values can be “short,” “int”, “long,” “double,” etc.

SQL is the language you use to communicate with databases

Of course, these seem ridiculously natural to us now, but at one point, all of these concepts were new. They’re called “rudimentary” because these concepts are the building blocks of what allow us to write applications, just like the mastery of the paradiddle contributed to my becoming a better drummer.

This was me learning the technique of software development. Like learning to read music, which is itself a new language, I was learning the rudiments of software development. And just like their musical counterparts, these rudiments don’t automatically make good software. Without a fundamental understanding of structure, style and yes, art, software is just a series of lines of code stacked one on top of the other. The more you practice the art, the more you learn about how these rudimentary concepts coalesce to create something greater than the some of their parts.

And thus is the transition between the rudiments and the final product. Music is more than just playing notes on a page. It’s weaving those notes together and producing something musical with them, like this alteration on the simple paradiddle when I sit behind my drum kit:

Likewise, writing software is more than just slapping code onto the screen. Your code is built into a larger structure and constructed carefully to maximize performance, user experience and maintainability. This is the quintessential art of software development, and one of the reasons why I think so many creative people are drawn to software in the first place. Like music (and most other forms of art as well), programming marries the strengths of both hemispheres of the brain. The analytical, pragmatic mind enables and facilitates the creative vision, providing it the tools it needs to be realized. Thus, technique evolves into proficiency and, eventually, mastery.

So, what happens once we practice the rudiments and become proficient artists? In my next post, we’ll explore the similarities of musical composition and software design.